8

I want to create a reverse connection between two machines, but there is a firewall in the middle preventing all connections except ssh. I want to create an ssh tunnel using netcat; could you please tell me how to do it?

Luc
user1028

3 Answers

13

What's up? Here's the meat and potatoes:

nurf@sessmacheen $ ssh -f -L localport:localaddress:remoteport \
    user@remoteaddress sleep 10; nc localaddress localport

This is assuming that sshd is listening on the remote box, which I think I can infer from your post.

Ok! So ssh is passed -f, which just backgrounds it after the connection is made, and -L. I remember -L as 'Link'. It creates a tunnel, wiring up a port locally to a port on the remote host (the localport:localaddress and :remoteport user@remoteaddress parts, respectively).

So ssh is reaching out and holding hands with sshd on the remote host (for 10 seconds, anyway), and it's sitting locally with its hand outstretched waiting for something else to grab hold. So we nc localaddress localport. Et voila!

Granted, the one-liner above doesn't actually do anything except establish a connection and then run sleep 10 on the remote box. Here's a more practical example, totally ganked from this article.

## let's pull a backup image over the wire!                     ##
## first we set up the image for grabbing on the remote machine ##
## by piping it to nc which then starts listening on port 9000  ##

dude@remotebox $ cat backup.ico | nc -l 9000

## and now we tunnel! locally, ssh opens up on 9001, and        ##
## connects to 9000 on the remote machine where nc is waiting   ##
## with cat, ready to go.                                       ##

nurf@sessmacheen $ ssh -f -L 9001:127.0.0.1:9000 dude@remotebox \
    sleep 10; nc 127.0.0.1 9001 | pv -b > backthatthangup.iso;

## this is pretty sweet because after nc gets done with the     ##
## connection, ssh finishes running sleep and closes it so you  ##
## don't have to fool with it.  nice and tidy.                  ##

## pv is a handy little utility that tracks data across a pipe  ##
## and will show you a progress bar and whatever else you want  ##

Naturally, to create this connection in 'reverse', you just, you know, do it the other way 'round. Backwards, if you will. Let me know how it works!

Oh yeah, also: nc won't bind to 22 because sshd's oh-so-privileged self is already sitting there. Hence the use of arbitrary ports outside the reserved ports range (i.e. anything above port 1024). Since 22 is one of the reserved ports, you'd have to be root to bind to it anyway.

nothankyou
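Whether the -L forward in the answer above (or its -R "reverse" counterpart) is accepted depends on the server's sshd_config. The following is an added example, not part of the answer or of OpenSSH: a small audit of the global section of an sshd_config. The function names and both sample configs are constructed for illustration, and Match blocks are deliberately ignored.

```python
import re

# OpenSSH defaults per sshd_config(5)
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}

def effective_settings(config_text):
    """Global-section values; sshd uses the first value given for a keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        key = fields[0].lower()
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            break  # per-user/host overrides are out of scope here
        settings.setdefault(key, value)  # first occurrence wins
    return {k: settings.get(k, d).lower() for k, d in DEFAULTS.items()}

def local_forward_allowed(settings, host, port):
    """Would `ssh -L lport:host:port` be accepted by this server?"""
    if settings["allowtcpforwarding"] not in ("yes", "all", "local"):
        return False
    permit = settings["permitopen"].split()
    if permit == ["any"]:
        return True
    if permit == ["none"]:
        return False
    for entry in permit:
        p_host, _, p_port = entry.rpartition(":")
        if p_host.strip("[]") in ("*", host.lower()) and p_port in ("*", str(port)):
            return True
    return False

def remote_forward_allowed(settings):
    """Would `ssh -R ...` (the 'reverse' direction) be accepted?"""
    return settings["allowtcpforwarding"] in ("yes", "all", "remote")

# Constructed sample configs (not taken from any real host)
STOCK = "# nothing relevant set, defaults apply\nPort 22\n"
HARDENED = """\
AllowTcpForwarding local
PermitOpen 127.0.0.1:5432
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding yes
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        s = effective_settings(text)
        print(name, "-L 127.0.0.1:9000:", local_forward_allowed(s, "127.0.0.1", 9000),
              "| -R:", remote_forward_allowed(s))
```

With the stock sample both directions are accepted; with the hardened sample only a local forward to 127.0.0.1:5432 is, so the 9001-to-9000 tunnel from the answer would be refused.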
2

You don't need to create an SSH tunnel to do this - all you need to do is get NetCat to talk on port 22, as that is all the firewall is likely to be blocking on.

man nc should give you all the information you need.

Rory Alsop
1

Besides the original post, you wrote that you don't have root access to the computers, and that there is already a daemon listening on port 22.

In case you are in the sudoers group, nothankyou's solution is the one to go with:

sudo ssh -f -L localport:localaddress:remoteport user@remoteaddress sleep 10; nc localaddress localport

In case you aren't, but somehow ( :O ) have access to iptables (or similar) on the machine with SSH running already, try redirecting only the other computer's IP to another local port where you will be listening with NC:

First, listen using the quoted code, or simply using NC:

nc -l -p 1234

Second, redirect the incoming traffic to port 1234 in case of a familiar source IP address:

iptables -t nat -A PREROUTING -s <computer A's ip address> -p tcp --dport 22 -j REDIRECT --to-port 1234

In the reasonable case in which you don't have both some kind of root access and access to the local firewall rules, it is possible for non-root processes to bind to “privileged” ports (<1024) on Linux. Use the following line to do so:

setcap 'cap_net_bind_service=+ep' /path/to/program

Check this question from StackOverflow for more information. It might not solve all your problems, but it seems like a good hint until you give us a better description of your problem.

Boaz Tirosh